I thought the same thing daily for, oh, about 2 years.
Just goes to show...you can have the best tools and the skill of the operator still makes all the difference.
Where I am, I attempt to emphasize "process, not product" though neither what a product is nor what a process does is well understood here. The base motivations pushing people to act are also counterproductive. Very frustrating.
Don't forget, they're also only counting Overt attacks, I.E. Verified ones... ones that leave a trace. It could very well be that all of those windows or OSX boxes were at some point Owned, but that the attack was so successful as to not leave a trace.
That's one thing that really bugs me about information available to monitor Windows (from log files to dynamic data).
What I can find in depth, by default, and easily on Linux is a real chore to locate or (in the case of the standard log files) typically useless.
It must take an excessive amount of effort and foresight for serious monitoring of a Windows system and even then is it trustworthy? The defaults just don't record/show enough.
Sadly, the Centrino support will most likely be a proprietary driver, but it's better than nothing.
Who the hell cares besides RMS? I love using my machine and it has an nVidia card in it. I don't care that their "driver" is closed source, I can play a lot of heavy duty games with it.
[Raises hand] While I am not dogmatic about it, there are a few serious practical concerns about closed source drivers;
Can't use them out of the box; it's another set of steps.
Except for proprietary drivers, most hardware is well supported under any distribution you have. There is no separate installation step or set of directions you need to follow for the open source parts!
The closed drivers tend to be flaky.
Nvidia has done a great job with this, though it has taken well over a year to reach a point where they are stable. Few other drivers I use -- silently and without hassles -- have stability problems at all.
There are few reasons *not* to go with open source...and quite a few reasons not to.
Hiding shoddy code or protecting 3rd party licenced parts are the only reasons not to release the source.
Allowing the code to be reviewed and fixed, having nearly automatic support for non-x86 CPUs, having a much wider user base, and simple good will are reasons to release the source.
In some cases -- and Intel and Nvidia specifically can do this -- a mix of 'firmware' style add-ins limited narrowly to a few 3rd party proprietary parts would probably work. Hiding the source to protect it from prying eyes isn't a good reason since everyone has debuggers and disassemblers...so if they want to know they probably already do know how the secret sauce is made and what it does.
With articles like this, isn't it obvious Enderle just wants to garner attention? And Slashdot seems to be giving him just that. I wonder whether he wants to float an IPO soon, and pull off another SCO.
Is there a "No articles even mentioning pompous dweebs" slashbox? I'd really like that!
Most people I know say they get tons of spam... I really just don't see how.
Get your own domain. It doesn't even matter if you use an email address, you will get spam. About 3/4 of the spam I get is for email accounts I've never seen -- and I am the only one who has ever used my domain!
I haven't seen this type of spam, but if it is happening, the spammers must have access to monstrous amounts of bandwidth, and be damned to clogged routers and mailservers.
From the spam I get, it looks like much of the bandwidth they use is all from victims of the latest virus holes. They don't pay for that either.
This isn't the right story to mention this on, though it's somewhat related.
I've encountered many problems with external hard drives using USB 1 and 2 interfaces. Locking up the entire system on large file copies was the main issue. (Copying small numbers of files was never an issue. Lockups occurred on different drives, different external chipsets, different 2.4.x kernels though supposedly fixed in the latest 2.4.x releases.)
I've finally gotten the nerve to run a few days of tests on 2.6.1 to see if this has been really resolved, and I'm happy to report that this now works like a charm.
If you've encountered similar problems with 2.4.x, give 2.6.x a try.
Pencil? Ha! A pint glass -- the steep V shaped ones that are a bit heavy even when empty -- are the best designed objects on the planet.
Not only are they suitable for non-alcoholic beverages, they are ideal for drunk people since they wedge in your hand and are wide enough that it's difficult to drop them -- yet easy enough to put down. Weighted, with a wide flat base, they stay where put.
If the diagnostic tool takes a few minutes to run, it generally is not as effective as my eyeball diagnostics of banging on the keyboard and testing out normal programs.
If the diagnostic tool is focused on specific tasks -- say memory or hard drive -- and it performs an exhaustive test, it will catch things I can't.
Case in point: I've found that 1/2 of my computers have had RAM defects; some right out of the box, and some toward the end of life.
Sometimes, I suspect that a specific problem exists and the tool verifies it. Other times, I test just to make sure the systems are OK, and get a surprise.
In either case, the tests should take hours. In one situation, I ran a burn-in test for over a day before any problems were detected.
Support doesn't mean locked at the hip for all future updates, even at the enterprise level. It does mean they will handle problems and support what they ship. I wouldn't be too surprised if 4.3.x is the last XFree86 that either ship, though it could go either way. Who's to say what will happen in 5 years?
I don't see proof or a commitment to 4.4 from either of them, so unless you can show me, I'll have to say claims of an official commitment don't pass the sniff test.
Yeah, but the "pro graphics workstation market" is going to be using RedHat or SuSE, who are now committed to support XFree 4.x for the next 3-5 years.
What is that commitment, and who did they make it to?
(I'm not saying you're wrong, I just haven't heard anything along those lines and I'm straining to see why RH and SuSE would make an official commitment.)
OK. If you have a chance, try out Nessus. The analysis it provides is close to normal English; sentences and paragraphs of warnings with some raw data, not raw data all by itself.
Maybe you happen to be running a plain-text e-mail client that wipes your hard drive whenever it receives a message with the word 'Viagra' in the subject line? Who knows.
1. Nope. Evolution.
2. Why special-case filter on anything these days?
I can make my Windows box safe from hackers... just unplug the ethernet cable. Accept whatever risk you want.
Why accept any risk?
(Nit: 'crackers' are the bad guys, 'hackers' are the good guys.)
Sure it could be a target. Obscurity is what keeps it from being a target.
[ horrified ] If it's a web site -- on the Internet or (to a lesser degree an intranet) -- there's no way that obscurity is any bit of protection. Secrets, such as passwords, can be helpful though obscurity itself is wishing nothing goes wrong not insurance against problems.
At a bare minimum, run Nessus or one of the other top-notch scanners from both the intranet and Internet and see what it finds; www.nessus.org
I'm sure the office network I run is terribly vulnerable, but nobody's ever made a concerted effort because there's nothing valuable here.
Just because it's not 'valuable' doesn't mean it isn't a target. Computing resources alone have value, as does simple voyeurism. That doesn't even approach intentional abuses of the accounting records. As a rule, assume everything is a target even if there is no obvious reason why it would be.
First, you seem to consider yourself an "average user" which, from your comments, I can assure you that you are not. You're more educated, more aware of what goes on with your computer than the average person at the keyboard.
While that is true of the person you have responded to, the number of steps required (not optional) in a *nix environment to do the wrong thing is quite long. It requires experience to do the wrong thing. An average user would not be able to do these things, so they are safe where using Windows and a bad mail client like Outlook exposes them to danger easily and in some cases unavoidably.
And obviously if Incredimail's advertising says it's "safe, fun, and cool", and CNet gives it a #1 software, and ZDNet and Tucows both go gaga over it, then it must be great, and it's me that's broken.
Tell them it looks like *rap on your end -- send them a quoted example that does not render -- and that you never view HTML because of security concerns. Faking addresses is too common now, so it's not them, it's the spammers.
My father used to do the same thing, but after a few reminders he asked how to change it. The next time I visited -- click click -- it was disabled. He hasn't complained since...though he's not in the 'purple fairy background and bold pink text' crowd. Show them how ugly it is, and they might be convinced (OK, not likely, though let them know you don't see what they see).
Ahem, turn off HTML viewing in your email client NOW.
While I don't have a problem with this (using Evolution on Linux), I had a discussion with my boss a few weeks ago and he agreed to turn off HTML viewing (if possible) and preview anything not local (to stop web bugs) if HTML could not be disabled. The trouble is after 1/2 an hour we couldn't figure out how to disable these 'features' in Outlook!
Call me an idiot ("Hi idiot!"), though tell me where in that mess of secret sauce MS hid the switch? (1/2 an hour was all I could get on this non-work issue; Google didn't save me this time round.)
That's the saddest thing I've heard today.
200+ a day.
Interesting...and encouraging. Any references?
...in all Tivos
...in robotics
...various network appliances
...on mainframes
...in cell phones
...on PDAs
...in wristwatches (though a prototype)
...and in a variety of other gadgets and practical devices
In addition, point out that even creative types like Linux as it has been used to produce most of the major films over the last few years -- from the raw horsepower of render farms through to the artist's desktop.
Just some ideas. (Check each one out before claiming it, though I think all the above is accurate.)
Hogwash.
There is a difference between secrets and security through obscurity.
Example: Passwords are secrets. The mechanism to validate those passwords should never be muddled in obscurity since that leads to back doors and other problems.
Now, adding obscurity to the mix on top of verifiable and unobscured methods is not a bad idea. The "security through obscurity" gripe is really against "security through obscure methods only or trusting someone else's assurance that they are doing the right thing".
Shortening it to "security through obscurity does not work" is shorthand.
I'll add;
- Using file name extensions to identify files and to choose what will process the contents of those files
- Hiding those same extensions by default
These alone are a large part of the problem with Windows security.
OK, why should we be worried again? (HTML off btw).
I don't think you understand the scale of things. Space...is big. Really big. You just won't believe how vastly hugely mind bogglingly big it is. I mean you may think it's a long way down the road to the chemist, but that's just peanuts to space.